---
#
# Install packages needed for fedora people
#
- name: install packages needed for fedora people
  package: name={{ item }} state=present
  with_items:
  - cvs
  - git
  - bzr
  - mercurial
  - lftp
  - quota
  - nano
  - pyliblzma
  - libxml2-python
  - python-jinja2
  - tree            # requested in ticket 5148
  - mod_ssl
  tags:
  - packages
  - people

- name: install main httpd config
  template: src=people.conf dest=/etc/httpd/conf.d/people.conf
  tags:
  - people

- name: install httpd config
  copy: src={{item}} dest=/etc/httpd/conf.d/{{item}}
  with_items:
  - cgit.conf
  - ssl.conf
  - userdir.conf
  tags:
  - people

- name: Install haveged for entropy
  package: name=haveged state=present
  tags:
  - httpd
  - httpd/proxy

- name: Set haveged running/enabled
  service: name=haveged enabled=yes state=started
  tags:
  - service
  - httpd
  - httpd/proxy

- name: Empty default welcome.conf
  copy: dest=/etc/httpd/conf.d/welcome.conf content=""
  tags:
  - people

- name: start httpd
  service: name="httpd" state=started
  tags:
  - people

- name: set selinux booleans needed for people
  seboolean: name={{ item }} state=true persistent=true
  with_items:
  - httpd_enable_homedirs
  - git_cgi_enable_homedirs
  - git_system_enable_homedirs
  - antivirus_can_scan_system
  - httpd_read_user_content
  tags:
  - people

- name: check the selinux context of the users home git dirs
  command: matchpathcon "/home/fedora/someone/public_git"
  register: gitcontext
  check_mode: no
  changed_when: false
  tags:
  - config
  - selinux

- name: set the SELinux policy for the users home git dirs
  command: semanage fcontext -a -t git_user_content_t "/home/fedora/(.*)/public_git(.*)"
  when: gitcontext.stdout.find('git_user_content_t') == -1
  tags:
  - config
  - selinux

- name: check the selinux context of the project dirs
  command: matchpathcon "/project"
  register: gitcontext
  check_mode: no
  changed_when: false
  tags:
  - config
  - selinux

- name: set the SELinux policy for the project dirs
  command: semanage fcontext -a -t httpd_sys_content_t "/project(.*)"
  when: gitcontext.stdout.find('httpd_sys_content_t') == -1
  tags:
  - config
  - selinux

- name: check the selinux context of the web dir
  command: matchpathcon "/srv/web"
  register: gitcontext
  check_mode: no
  changed_when: false
  tags:
  - config
  - selinux

- name: set the SELinux policy for the web dir
  command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
  when: gitcontext.stdout.find('httpd_sys_content_t') == -1
  tags:
  - config
  - selinux

- name: check the selinux context of the people dir
  command: matchpathcon "/srv/people"
  register: gitcontext
  check_mode: no
  changed_when: false
  tags:
  - config
  - selinux

- name: set the SELinux policy for the web dir
  command: semanage fcontext -a -t httpd_sys_content_t "/srv/people(/.*)?"
  when: gitcontext.stdout.find('httpd_sys_content_t') == -1
  tags:
  - config
  - selinux

- name: check the selinux context of the planet dir
  command: matchpathcon "/srv/planet"
  register: gitcontext
  check_mode: no
  changed_when: false
  tags:
  - config
  - selinux

- name: set the SELinux policy for the planet dir
  command: semanage fcontext -a -t httpd_sys_content_t "/srv/planet(/.*)?"
  when: gitcontext.stdout.find('httpd_sys_content_t') == -1
  tags:
  - config
  - selinux

# This is a file context alias, to let ansible know that /home and /srv/home
# are equal as far as contexts are concerned.
- name: check the selinux context alias of the home dir
  command: matchpathcon "/srv/home"
  register: gitcontext
  check_mode: no
  changed_when: false
  tags:
  - config
  - selinux

- name: set the SELinux policy alias for the home dir
  command: semanage fcontext -a -e /home /srv/home
  when: gitcontext.stdout.find('home_root_t') == -1
  tags:
  - config
  - selinux

#
# This sets the default, it's safe to always run.
# Default quota for users is 2gb
#
- name: set default xfs quotas on /srv
  command: xfs_quota -x -c 'limit bsoft=2g bhard=2g -d' /srv
  check_mode: no
  register: xfs_quotaoutput
  changed_when: "xfs_quotaoutput.rc != 0"
  tags:
  - people
  - peoplequotas

#
# This sets quotas for people who requested more than default
# It's also safe to aways run.
#
- name: set quotas for people who have more set
  command: xfs_quota -x -c 'limit bsoft={{ item.quota }} bhard={{ item.quota }} {{ item.user }}' /srv
  with_items:
  - { user: apache, quota: 1000g }
  - { user: bollocks, quota: 12g }
  - { user: dmarlin, quota: 5g }
  - { user: duffy, quota: 10g }
  - { user: dustymabe, quota: 10g }
  - { user: dwalsh, quota: 5g }
  - { user: hadess, quota: 5g }
  - { user: imcleod, quota: 15g }
  - { user: jdulaney, quota: 5g }
  - { user: jforbes, quota: 5g }
  - { user: jnovy, quota: 5g }
  - { user: kalev, quota: 5g }
  - { user: kashyapc, quota: 5g }
  - { user: linuxmodder, quota: 12g }
  - { user: lupinix, quota: 8g }
  - { user: mimccune, quota: 3g }
  - { user: nb, quota: 5g }
  - { user: nobody, quota: 1000g }
  - { user: npmccallum, quota: 5g }
  - { user: parasense, quota: 5g }
  - { user: planet-user, quota: 1000g }
  - { user: ppisar, quota: 4g }
  - { user: pulpadmin, quota: 10g }
  - { user: sapnetweavergatewayonfedora, quota: 5g }
  - { user: slagle, quota: 7g }
  - { user: spot, quota: 15g }
  - { user: spstarr, quota: 4g }
  - { user: steved, quota: 5g }
  - { user: tflink, quota: 10g }
  - { user: thunderbirdtr, quota: 3g }
  - { user: zbyszek, quota: 20g }
  - { user: zpericic, quota: 5g }
  check_mode: no
  register: xfs_quotaoutput
  changed_when: "xfs_quotaoutput.rc != 0"
  tags:
  - people
  - peoplequotas

- name: create repos directory
  file: path=/project/repos state=directory owner=root group=cla_done mode=0775
  tags:
  - people

- name: create repos link
  file: state=link src=/project/repos dest=/srv/repos
  tags:
  - people

- name: create groups link
  file: state=link src=/project dest=/srv/groups
  tags:
  - people

- name: setup script to grab download stats for some groups.
  copy: src=grab-daily-logs.sh dest=/usr/local/bin/grab-daily-logs.sh mode=0755
  tags:
  - people

- name: setup cron job to gather download stats
  copy: src=grab-daily-logs.cron dest=/etc/cron.daily/grab-daily-logs mode=0755
  tags:
  - people

- name: copy static files to make main fedorapeople.org index page
  copy: src=static/ dest=/srv/people/site/static
  tags:
  - people

- name: setup script to make main fedorapeople.org index page
  copy: src=make-people-page.py dest=/usr/local/bin/make-people-page.py mode=755
  tags:
  - people

- name: setup script check for broken planet confs
  copy: src=check-broken-planet.py dest=/usr/local/bin/check-broken-planet.py mode=755
  tags:
  - people

- name: setup cron to run make fedorapeople.org main index page
  copy: src=make-people-page.cron dest=/etc/cron.d/make-people-page.cron mode=644
  tags:
  - people

- name: setup cron to run the check for broken planet confs
  copy: src=check-broken-planet.cron dest=/etc/cron.d/check-broken-planet.cron mode=644
  tags:
  - people

- name: setup cron to remove freeipa prcl logs
  copy: src=del-freeipa-prcl.cron dest=/etc/cron.daily/del-freeipa-prcl.cron mode=755
  tags:
  - people
